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Amendments to the Claims 

This listing of claims will replace all prior versions and listings of claims in the application. 

1 . (Original) A method of managing operational risk for an organization, the 
method comprising: 

identifying at least one failure mode for a function of the organization; 
identifying at least one cause and at least one effect for at least one of the at least one 
failure mode; 

acquiring ratings associated with the at least one cause and the at least one effect; 

permuting the at least one failure mode, the at least one cause, and the at least one effect 
to define at least two risk items; and 

producing a risk prioritization report of the at least two risk items based at least in part on 
the ratings associated with the at least one cause and the at least one effect. 

2. (Original) The method of claim 1 further comprising: 

recording a mitigation plan associated with at least one of the at least two risk items in 
the risk prioritization report; and 

tracking implementation of the mitigation plan. 

3. (Original) The method of claim 1 wherein the ratings further comprise: 
a severity rating and a response rating associated with each of the at least one 

effect; and 

an occurrence rating and a detection rating associated with each of the at least 
one cause. 

4. (Original) The method of claim 3 wherein the producing of the risk prioritization 
report further comprises: 

calculating a criticality based on the severity rating and the occurrence rating; 
calculating a risk priority number based on the severity rating, the occurrence rating and 
the detection rating; and 
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calculating an adjusted criticality based on the criticality, the severity rating, and the 
response rating. 

5. (Original) The method of claim 4 further comprising: 

determining whether the at least one effect is related to at least one of a group consisting 
of compliance and strategic planning; 

wherein the producing of the risk prioritization report further comprises determining 
whether each of the at least two risk items represents at least one of a group consisting of a 
compliance related risk, a strategic planning related risk, a hidden factory, and a tail event. 

6. (Original) The method of claim 2 wherein the ratings further comprise: 
a severity rating and a response rating associated with each of the at least one 

effect; and 

an occurrence rating and a detection rating associated with each of the at least 
one cause. 

7. (Original) The method of claim 6 wherein the producing of the risk prioritization 
report further comprises: 

calculating a criticality based on the severity rating and the occurrence rating; 

calculating a risk priority number based on the severity rating, the occurrence rating and 
the detection rating; and 

calculating an adjusted criticality based on the criticality, the severity rating, and the 
response rating. 

8. (Original) The method of claim 7 further comprising: 

determining whether the at least one effect is related to at least one of a group consisting 
of compliance and strategic planning; 

wherein the producing of the risk prioritization report further comprises determining 
whether each of the at least two risk items represents at least one of a group consisting of a 
compliance related risk, a strategic planning related risk, a hidden factory, and a tail event. 
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9. (Original) The method of claim 1 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 

1 0. (Original) The method of claim 2 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 

1 1 . (Original) The method of claim 3 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 

12. (Original) The method of claim 6 further comprising: 

acquiring failure mode likelihoods associated with the at least one failure mode for the 
function; and 

validating the ratings using the failure mode likelihoods. 

1 3 . (Original) The method of claim 1 further comprising validating the ratings using 
historical data. 

14. (Original) The method of claim 3 further comprising validating the ratings using 
historical data. 

1 5 . (Original) The method of claim 6 further comprising validating the ratings using 
historical data. 
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16. (Original) The method of claim 12 further comprising validating the ratings using 
historical data. 

17. (Original) The method of claim 1 wherein the producing of the risk prioritization 
report further comprises quantifying at least some of the risk items based on financial data. 

18. (Original) The method of claim 5 wherein the producing of the risk prioritization 
report further comprises quantifying at least some of the risk items based on financial data. 

19. (Original) The method of claim 8 wherein the producing of the risk prioritization 
report further comprises quantifying at least some of the risk items based on financial data. 

20. (Original) The method of claim 12 wherein the producing of the risk 
prioritization report further comprises quantifying at least some of the risk items based on 
financial data. 

21 . (Original) The method of claim 1 further comprising determining a stability ratio, 
wherein the stability ratio represents a comparison of one of a number of priority risk items and a 
number of non-priority risk items to a total number of risk items. 

22. (Original) The method of claim 2 wherein the method further comprises 
determining a stability ratio, wherein the stability ratio represents a comparison of one of a 
number of priority risk items and a number of non-priority risk items to a total number of risk 
items and the tracking of the implementation of the mitigation plan further comprises tracking a 
stability ratio. 

23 . (Currently Amended) A computer program product comprising a computer 
readable medium with a computer program embodied therein for facilitating risk assessment and 
control for an organization, the computer program comprising: 
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instructions for identifying failure modes for at least one function of the 
organization; 

instructions for identifying at least one cause and at least one effect for each failure 

mode; 

instructions for acquiring ratings associated with the at least one cause and the at least 
one effect; 

instructions for permuting the failure modes, the at least one cause, and the at least one effect to 
define risk items; and 

instructions for producing a risk prioritization report of the risk items based at least in 
part on the ratings associated with the at least one cause and the at least one effect for each 
failure mode. 

24. (Original) The computer program product of claim 23 wherein the computer 
program further comprises: 

instructions for recording a mitigation plan associated with at least one of the risk items 
in the risk prioritization report; and 

instructions for tracking implementation of the mitigation plan. 

25. (Original) The computer program product of claim 23 wherein the ratings further 
comprise: 

a severity rating and a response rating associated with each of the at least one 
effect; and 

an occurrence rating and a detection rating associated with each of the at least 
one cause. 

26. (Original) The computer program product of claim 25 wherein the instructions 
for producing the risk prioritization report further comprise: 

instructions for calculating a criticality based on the severity rating and the occurrence 

rating; 
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instructions for calculating a risk priority number based on the severity rating, the 
occurrence rating and the detection rating; and 

instructions for calculating an adjusted criticality based on the criticality, the severity 
rating, and the response rating. 

27. (Original) The computer program product of claim 26 wherein the computer 
program further comprises: 

instructions for determining whether the at least one effect is related to at least one of a 
group consisting of compliance and strategic planning; 

wherein the instructions for producing of the risk prioritization report further comprise 
instructions for determining whether each of the risk items represents at least one of a group 
consisting of a compliance related risk, a strategic planning related risk, a hidden factory, and a 
tail event. 

28. (Original) The computer program product of claim 24 wherein the ratings further 
comprise: 

a severity rating and a response rating associated with each of the at 

least one effect; and 

an occurrence rating and a detection rating associated with each of the 

at least one cause. 

29. (Original) The computer program product of claim 28 wherein the instructions 
for producing the risk prioritization report further comprises: 

instructions for calculating a criticality based on the severity rating and the occurrence 

rating; 

instructions for calculating a risk priority number based on the severity rating, the 
occurrence rating and the detection rating; and 

instructions for calculating an adjusted criticality based on the criticality, the severity 
rating, and the response rating. 
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30. (Original) The computer program product of claim 29 wherein the computer 
program further comprises: 

instructions for determining whether the at least one effect is related to at least one of a 
group consisting of compliance and strategic planning; 

wherein the instructions for producing of the risk prioritization report further comprise 
instructions for determining whether each of the risk items represents at least one of a group 
consisting of a compliance related risk, a strategic planning related risk, a hidden factory, and a 
tail event. 

3 1 . (Original) The computer program product of claim 23 wherein the computer 
program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

32. (Original) The computer program product of claim 24 wherein the computer 
program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

33 . (Original) The computer program product of claim 25 wherein the computer 
program further comprises: 

instructions for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

34. (Original) The computer program product of claim 28 wherein the computer 
program further comprises: 
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instructions for acquiring failure mode likelihoods associated with the at least 
one failure mode for the function; and 

instructions for validating the ratings using the failure mode likelihoods. 

35. (Original) The computer program product of claim 23 wherein the computer 
program further comprises instructions for validating the ratings using historical data. 

36. (Original) The computer program product of claim 25 wherein the computer 
program further comprises instructions for validating the ratings using historical data. 

37. (Original) The computer program product of claim 28 wherein the computer 
program further comprises instructions for validating the ratings using historical data. 

38. (Original) The computer program product of claim 34 wherein the computer 
program further comprises instructions for validating the ratings using historical data. 

39. (Original) The computer program product of claim 23 wherein the instructions 
for producing the risk prioritization report further comprise instructions for quantifying at least 
some of the risk items based on financial data. 

40. (Original) The computer program product of claim 27 wherein the instructions 
for producing the risk prioritization report further comprise instructions for quantifying at least 
some of the risk items based on financial data. 

41 . (Original) The computer program product of claim 30 wherein the instructions 
for producing the risk prioritization report further comprise instructions for quantifying at least 
some of the risk items based on financial data. 



TRIl\673083vl 



9 



Serial No.: 10/605,551 



42. (Original) The computer program product of claim 34 wherein the instructions 
for producing the risk prioritization report further comprise instructions for quantifying at least 
some of the risk items based on financial data. 

43. (Original) The computer program product of claim 23 wherein the computer 
program further comprises instructions for determining a stability ratio, wherein the stability 
ratio represents a comparison of one of a number of priority risk items and a number of non- 
priority risk items to a total number of risk items. 

44. (Original) The computer program product of claim 24 wherein the computer 
program further comprises instructions for determining a stability ratio, wherein the stability 
ratio represents a comparison of one of a number of priority risk items and a number of non- 
priority risk items to a total number of risk items and the instructions for tracking the 
implementation of the mitigation plan further comprise instructions for tracking a stability ratio. 

45. (Original) Apparatus for facilitating risk management for an organization, the apparatus 
comprising: 

means for identifying failure modes for at least one function of the 
organization; 

means for identifying at least one cause and at least one effect for each failure mode; 
means for acquiring ratings associated with the at least one cause and the at least one 

effect; 

means for permuting the failure modes, the at least one cause, and the at least one effect 
to define risk items; and 

means for producing a risk prioritization report of the risk items based at least in part on 
the ratings associated with the at least one cause and the at least one effect for each failure mode 

46. (Original) The apparatus of claim 45 further comprising: 
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means for recording a mitigation plan associated with at least one of the risk items in the 
risk prioritization report; and 

means for tracking implementation of the mitigation plan. 

47. (Original) The apparatus of claim 45 further comprising: 

means for acquiring failure mode likelihoods associated with the at least one 
failure mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 

48. (Original) The apparatus of claim 46 further comprising: 

means for acquiring failure mode likelihoods associated with the at least one 
failure mode for the function; and 

means for validating the ratings using the failure mode likelihoods. 

49. (Original) The apparatus of claim 45 further comprising means for validating the 
ratings using historical data. 

50. (Original) The apparatus of claim 46 further comprising means for validating the 
ratings using historical data. 

5 1 . (Original) The apparatus of claim 47 further comprising means for validating the 
ratings using historical data. 

52. (Original) The apparatus of claim 48 further comprising means for validating the 
ratings using historical data. 

53. (Original) The apparatus of claim 45 further comprising means for determining a 
stability ratio, wherein the stability ratio represents a comparison of one of a number of priority 
risk items and a number of non-priority risk items to a total number of risk items. 
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54. (Original) A system for facilitating risk assessment and control for an 
organization comprising: 

at least one analysis module to identify causes and effects associated with failure modes 
of at least one function of the organization and acquire ratings associated with the causes and 
effects; 

at least one data store operationally connected to at least some of the at least one analysis 
module to store failure modes, causes, effects, and ratings; and 

at least one calculation module operationally connected to the at least one data store to 
permute the failure modes, causes and effect to define risk items and produce a risk prioritization 
report of the risk items based at least in part on the ratings. 

55. (Original) The system of claim 54 wherein the ratings further comprise: 
a severity rating and a response rating associated with each effect; and 

an occurrence rating and a detection rating associated with each cause. 

56. (Original) The system of claim 55 wherein the at least one calculation module is 
operable to calculate a criticality based on the severity rating and the occurrence rating, a risk 
priority number based on the severity rating, the occurrence rating and the detection rating, and 
an adjusted criticality based on the criticality, the severity rating, and the response rating. 

57. (Original) The system of claim 56 wherein the at least one calculation module is 
operable to determine whether each of the risk items represents at least one of a group consisting 
of a compliance related risk, a strategic planning related risk, a hidden factory, and a tail event. 

58. (Original) The system of claim 54 further comprising a data validation module 
operationally connected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 
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59. (Original) The system of claim 54 further comprising a risk data quantification 
module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

60. (Original) The system of claim 55 further comprising a data validation module 
operationally connected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 

61 . (Original) The system of claim 55 further comprising a risk data quantification 
module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

62. (Original) The system of claim 56 further comprising a data validation module 
operationally connected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 

63. (Original) The system of claim 56 further comprising a risk data quantification 
module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

64. (Original) The system of claim 57 further comprising a data validation module 
operationally connected to the at least one data store, the data validation module operable to 
validate ratings at least in part using historical data. 

65 . (Original) The system of claim 57 further comprising a risk data quantification 
module operationally connected to the at least one data store, the risk data quantification module 
operable to quantify ratings based at least in part on financial data. 

66. (Original) The system of claim 54 further comprising an operational interface to 
a risk meta-modeling system. 
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67. (Original) The system of claim 58 further comprising an operational interface to 
a risk meta-modeling system. 

68. (Original) The system of claim 59 further comprising an operational interface to 
a risk meta-modeling system. 

69. (Original) The system of claim 62 further comprising an operational interface to 
a risk meta-modeling system. 

70. (Original) The system of claim 63 further comprising an operational interface to 
a risk meta-modeling system. 

71 . (Original) The system of claim 54 further comprising a stability analysis module 
operationally connected to the at least one calculation module to determine a stability ratio, 
wherein the stability ratio represents a comparison of one of a number of priority risk items and a 
number of non-priority risk items to a total number of risk items. 
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